Friday, December 01, 2006

FBI Taps Cell Phone Mic to Eavesdrop

FBI taps cell phone mic as eavesdropping tool. The Declan McCullagh article at C|Net discusses a new technique which allows remotely activating any cell phone microphone to eavesdrop on any conversation within range of that phone. An opinion by District Judge Lewis Kaplan calls the technique a "roving bug" and it works whether the phone is turned on or off.

The bugging technique apparently requires judicial approval to be used legally for surveillance, and was employed in this case to listen in on powerful mafia leaders. But the fact that this bugging technique is possible suggests that hackers and other geeks would be able to work out the details and use the eavesdropping ability on any target for identity theft or other nefarious reasons.

All that would be required is cell phone software that can be installed remotely, perhaps when the target handset calls a particular number or accesses a web site, which could be prompted by text messages, emails or some pretexting method.

This bugging method was created by government spooks, possibly employing hackers for development, and was meant to listen in on paranoid bad guys who avoided cell phone conversations and routinely swept rooms for bugging devices. Now that they know about the FBI's ability to listen through their cell phones, they may resort to keeping the batteries out of their phones at all times, which is the only way to disable the remote enabling of their cell phone microphone.

Assuming we completely trust the government and law enforcement to only use the "roving bug" with court-ordered surveillance, what will the rest of us do to avoid bad guy hackers and identity thieves who work out how to turn on the cell phone mics of their targets? Don't say your ATM PIN as you key it in at the gas pump or at the bank, and never say your credit card numbers and expiration date out loud within range of your cell phone. Never speak your social security number, bank account numbers, driver license number, etc.

Technorati: Cell Phone Tap, surveillance, Privacy, roving bug

posted by RealitySEO at 8:12 PM 0 comments

Homeland Security Privacy Report 18 Months Late

Homeland Security Releases Overdue Privacy Report

The Department of Homeland Security Privacy Office has released its report on the Privacy Office's activities over the past two years. The law creating the Department of Homeland Security requires the Privacy Office to issue a report every year, but the report was delayed without explanation for a year and a half.

The Homeland Security Act of 2002, § 222, gave the Secretary of Homeland Security the responsibility to "appoint a senior official in the Department to assume primary responsibility for privacy policy." The responsibilities of the Chief Privacy Officer include:

  1. assuring that the use of technologies sustain, and do not erode, privacy protections relating to the use, collection, and disclosure of personal information;
  2. assuring that personal information contained in Privacy Act systems of records is handled in full compliance with fair information practices as set out in the Privacy Act of 1974;
  3. evaluating legislative and regulatory proposals involving collection, use, and disclosure of personal information by the Federal Government;
  4. conducting a privacy impact assessment of proposed rules of the Department or that of the Department on the privacy of personal information, including the type of personal information collected and the number of people affected; and
  5. preparing a report to Congress on an annual basis on activities of the Department that affect privacy, including complaints of privacy violations, implementation of the Privacy Act of 1974, internal controls, and other matters.

The report discusses general efforts the Privacy Office has made since July 2004 to "embed" privacy considerations into the evaluation processes in the Department of Homeland Security, but there is no information on whether these efforts have succeeded in reducing threats to Americans' privacy. The report is lighter on specifics than the previous report, which covered the period through June of 2004. The new report discusses the Privacy Office's work with airport and immigration screening, but it ignores recent programs like video surveillance of public spaces.

The report identifies several privacy problems in DHS programs. In 2005 Congress ordered the Government Accountability Office to investigate the Transportation Security Administration's airline passenger screening programs. The GAO found significant problems with handling of personal information and violations of privacy laws. The GAO turned its findings over to the Privacy Office, which then did its own investigation. The Privacy Office claims to have continued its work with the TSA to resolve these issues. However, the report did not resolve EPIC's concerns about TSA redress procedures -- namely that citizens do not have the right to litigate to ensure their records are correct or even to view their records.

The Department of Homeland Security has received wide criticism for its identification card programs, many of which use radio frequency identification technology. The Privacy Office's report did not mention a draft report by the Department of Homeland Security Data Privacy and Integrity Advisory Committee also recommending against the use of RFID in identification documents. "RFID appears to offer little benefit when compared to the consequences it brings for privacy and data integrity," the committee said.

Earlier this year, EPIC wrote to the Department of Homeland Security to urge the release of the report. Then President Bush issued a statement in which he said the "executive branch shall construe section 522 of the Act, relating to privacy officer reports, in a manner consistent with the President's constitutional authority to supervise the unitary executive branch." The White House influence on federal privacy policy can be found in Section V of the agency's report.

Congress will be able to use the new report to evaluate the Privacy Office's performance.

DHS Chief Privacy Officer Report Covering July 2004 to July 2006 (PDF)

EPIC's Letter to Chief Privacy Officer Teufel (PDF)

Department of Homeland Security Data Privacy and Integrity Advisory Committee: The Use of RFID for Human Identification (PDF)

Homeland Security Act of 2002 (PDF)

Presidential Signing Statement, H.R. 5441

EPIC's page on Privacy Report Held Hostage

Technorati: Homeland Security, privacy office, Privacy

posted by RealitySEO at 12:56 PM 0 comments